.Dd November 17, 2019
.Dt AED 1
.Os AED
.Sh NAME
.Nm aed
.Nd perform aes256-cbc encryption/decryption
.Sh SYNOPSIS
.Nm
.Op Fl deh
.Sh DESCRIPTION
The
.Nm
utility can be used to perform symmetric encryption/decryption of the
input stream using 256bit AES with a SHA256 digest.
.Sh OPTIONS
.Nm
supports the following command-line options:
.Bl -tag -width d__
.It Fl d
Perform decryption of the input stream.
.It Fl e
Perform encryption of the input stream.
.It Fl h
Print a short usage and exit.
.El
.Sh DETAILS
.Nm
reads data from stdin and either encrypts or decrypts it (depending on the
.Fl d
or
.Fl e
flag).
It uses AES 256bit CBC mode with a SHA256 digest with keying material
derived from the passphrase using the
.Xr EVP_BytesToKey 3
function, generating a suitable salt via
.Xr RAND_bytes 3 .
.Pp
.Nm
reads the password from which to derive the key material from the
.Ar AED_PASS
environment variable.
.Pp
When encrypting, the output is prefixed by the string "Salted__",
followed by the 8 byte salt.
Output is written to stdout.
.Sh EXAMPLES
To encrypt the contents of the file 'file' and storing the encrypted
output in 'file.enc':
.Bd -literal -offset indent
aed -e <file >file.enc
.Ed
.Pp
To decrypt the contents of that file again:
.Bd -literal -offset indent
aed -d <file.enc
.Ed
.Pp
Since
.Nm
operates on stdin and stdout, the above two commands could also be
chained:
.Bd -literal -offset indent
cat file | aed -e | aed -d
.Ed
.Sh EXIT STATUS
.Nm
exits 0 on success, and >0 if an error occurred.
.Sh SEE ALSO
.Xr EVP_BytesToKey 3 ,
.Xr EVP_EncryptInit 3 ,
.Xr RAND_bytes
.Pp
https://www.netmeister.org/blog/passing-passwords.html
.Sh HISTORY
This program (or variants thereof) was first assigned as a stand-alone
programming assignment for the class
.Dq Advanced Programming in the UNIX Environment
at Stevens Institute of Technology in the Fall of 2012.
.Sh BUGS
Well, let's see...
